C2PA
Documents with embedded C2PA manifests can be verified using Document Rails against a list of trusted X.509 certificates.
C2PA format
C2PA verification requires information about the format of the provided asset. The following formats are supported:
application/pdf
Output
| Name | Value | Description |
|---|---|---|
| kind | c2pa | Credential kind identifier |
| title | Optional string value | Manifest title |
| assertions | JSON object | C2PA assertions |
| credentials | Array of JSON objects | Embedded credentials (usually W3C credentials) |
| certificate_chain | Certificate chain | Certificate chain embedded within the manifest |
credentials field
Although this field usually contains W3C credentials, Document Rails does not verify its contents as part of the C2PA verification request, because third-party applications may embed custom credentials in it.
To validate credentials from the credentials field, submit them to Document Rails in separate verification requests.
Example output
{
  "credentials": [
    {
      "kind": "c2pa",
      "title": "Signed Impressum document",
      "assertions": {},
      "credentials": [
        {
          "@context": [
            "https://www.w3.org/ns/credentials/v2",
            "https://example.com/context",
            "https://w3id.org/security/suites/ed25519-2020/v1"
          ],
          "id": "https://example.com",
          "type": ["VerifiableCredential", "IdentityCredential"],
          "credentialSubject": {
            "type": "Identity",
            "firstName": "John",
            "lastName": "Doe"
          },
          "issuer": "...",
          "validFrom": "2025-08-21T00:00:00Z",
          "validUntil": "2026-08-21T00:00:00Z",
          "proof": {
            "type": "DataIntegrityProof",
            "cryptosuite": "ecdsa-rdfc-2019",
            "created": "2025-08-21T00:00:00Z",
            "verificationMethod": "...",
            "proofPurpose": "assertionMethod",
            "proofValue": "..."
          }
        }
      ],
      "certificate_chain": [
        {
          "not_after_ts": 1785000040,
          "not_before_ts": 1753464040,
          "common_name": "Test Cert",
          "country_name": "XX",
          "organization_name": "Test"
        },
        {
          "not_after_ts": 1785000040,
          "not_before_ts": 1753464040,
          "common_name": "Intermediate CA",
          "country_name": "XX",
          "organization_name": "XX"
        },
        {
          "not_after_ts": 1785000039,
          "not_before_ts": 1753464039,
          "common_name": "Root CA",
          "country_name": "XX",
          "organization_name": "XX"
        }
      ]
    }
  ]
}
Example
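import { verify, C2PAFormat, VerifyInputKind } from "@vaultie/document-rails";

// client, accessToken, organizationId and trustRegistryId are assumed to be
// defined earlier in your application.
const response = await verify(
  client,
  accessToken,
  organizationId,
  {
    input: {
      kind: VerifyInputKind.C2PA,
      format: C2PAFormat.PDF,
      data: "<base64-encoded file>",
    },
    // Trust registries holding the trusted X.509 certificates to verify against.
    trust_registries: [trustRegistryId],
  }
);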
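One way to consume the response on the caller's side, given that the credentials field is returned without being verified. This is an added example, not code from the Document Rails SDK or the original page: it relies only on the response shape shown under Example output, and the helper name `triageC2paResponse`, the trimmed sample data and the signer-first ordering of certificate_chain are assumptions.

```javascript
// Added example, not part of the Document Rails SDK. It consumes only the
// response shape shown in "Example output"; helper names are hypothetical.

// Constructed sample response, trimmed from the page's example output.
const sampleResponse = {
  credentials: [{
    kind: "c2pa",
    title: "Signed Impressum document",
    assertions: {},
    credentials: [{ id: "https://example.com", type: ["VerifiableCredential", "IdentityCredential"] }],
    certificate_chain: [
      { not_before_ts: 1753464040, not_after_ts: 1785000040, common_name: "Test Cert" },
      { not_before_ts: 1753464040, not_after_ts: 1785000040, common_name: "Intermediate CA" },
      { not_before_ts: 1753464039, not_after_ts: 1785000039, common_name: "Root CA" },
    ],
  }],
};

// Returns, per C2PA manifest, which certificates are outside their validity
// window at `nowSec` (Unix seconds) and which embedded credentials still need
// their own verification request before any claim in them is relied on.
function triageC2paResponse(response, nowSec) {
  return (response.credentials ?? [])
    .filter((entry) => entry.kind === "c2pa")
    .map((entry) => {
      const chain = entry.certificate_chain ?? [];
      const outOfWindow = chain
        .filter((c) => nowSec < c.not_before_ts || nowSec > c.not_after_ts)
        .map((c) => c.common_name);
      // Assumption: the chain is ordered signer first, as in the page's example.
      const signer = chain.length > 0 ? chain[0].common_name : null;
      const pending = (entry.credentials ?? []).map((cred) => ({
        id: cred.id ?? null,
        verified: false, // not checked by the C2PA verification request
        credential: cred,
      }));
      return { title: entry.title ?? null, signer, outOfWindow, pending };
    });
}

const report = triageC2paResponse(sampleResponse, 1760000000);
console.log(JSON.stringify(report, null, 2));
```

Each entry in `pending` should stay untrusted in application logic until it has passed its own verification request.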